Down the Security Rabbithole Podcast (DtSR)

Send the hosts a message - try it now!TL;DR: This episode is a "walk-around" episode, where I walked around Black Hat 2024 and ran into some friends to talk about what we're seeing, anything that caught their attention, and some other interesting insights in short-form recordings. I hope you enjoy listening to Lamont Orange, Aaron Bray, Alex Humphrey, and Rick Holland as much as I enjoyed the conversations.No video for this episode.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR: Have you ever wondered what it would be like to be responsible for security for an entire county? That job encompasses a massive amount of responsibility - but I'll let Doug Cavit, the CISO of Snohomish County, Washington tell us about it. What a resume, and what an incredible job Doug has.YouTube Video: https://youtube.com/live/selNfh5gQAUSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR: This episode was one of our awesome LinkedIn Live episodes - if you missed it, join us on LinkedIn and never miss another! On this one, James Robinson (CISO at Netskope) talks with Rafal and James with guest-host Jim TIller about the possibilities we have with SaaS, data protection, and the whole mess we've made over the last 20+ years of "data everywhere". Big thanks to Netskope for providing the excellent James Robinson onto the show!YouTube Video (if you prefer YouTube): https://youtube.com/live/8MnpK0H9az0Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR: Today's episode is all about how we can build better software and systems - from a supply chain perspective. Tim Miller joins us, and it starts as a general conversation but we quickly dive into the world of software development. There's a lot to talk about here, starting with this XKCD that explains it perfectly: https://xkcd.com/2347/YouTube video: https://youtube.com/live/XOMl_Hp8q_QSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR: I bet you don't generally think about the software that actually runs the business when you're thinking security. In this episode, we tackle the security of SAP systems - the most popular business software on the planet - from some experts who tell us what we're missing. There's a lot to unpack here, and I bet you're not thinking about much of this, if any... I know my team wasn't. This is vital information.YouTube video: https://youtube.com/live/q8j6pkFXxeMSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR: This week's episode features someone you've probably known for a while, without actually knowing him. Bob Brandon talks about his journey through publishing the wildly successful CSO Magazine (now an online publication) and being close the the CISO world for a long time. He has a great story to tell, so listen in, and enjoy.YouTube video: https://youtube.com/live/WafXp6xPpBYSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR: This week's guest is here to talk about Zero Trust... in a practical way. We're talking with Rob Allen of ThreatLocker about zero trust from a way you may have not thought about before. It's an interesting conversation and a piece of a much larger puzzle ... but from a practical standpoint, this may be the best actual place to start. Do you agree?YouTube Video: https://youtube.com/live/cgADamn2oQQSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Jonathan Rau, a cybersecurity expert, dives into the contentious world of SIEM systems—often labeled as dead yet continually revamped. He discusses the evolution of these tools, highlighting how initial goals were hindered by complexity and a lack of skilled personnel. Rau emphasizes the importance of purposeful data analysis, warning against using data models without clearly defining the problem. The conversation also critiques the influx of cybersecurity tools, urging a return to basics and a focus on genuine business needs.

Send the hosts a message - try it now!TL;DR: Friend of the pod, Karim Hijazi of Vigilocity, joins Rafal this week to talk about the state of ransomware, its "families", proliferation and motivations. It's a dark picture that's getting darker as it all evolves. Karim also provides some data-driven insights you can even investigate for yourself, check this show out on the video stream for more complete insights.YouTube Video: https://youtube.com/live/wgUzYp-bl90Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

Send the hosts a message - try it now!TL;DR:This week is part 2 of the 2-part series on "Outsourcing your security" with Paul Farley. Paul's expertise in this space means you should be taking notes! On this second part, we dive into how you can pick an effective model for your use-case (we talk through a few of the available models out there), how to effectively implement an MSSP, and then how to measure success. Guest host Jim TIller joins us again, too.YouTube video: https://youtube.com/live/FkyJPmZikmcSupport the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast